Tests Show Ease of Hacking ECDIS, Radar and Machinery
Security company Naval Dome has demonstrated what it says is the maritime industry’s nightmare security scenario with a series of cyber penetration tests on systems in common use on board tankers, container ships, super yachts and cruise ships.
The tests demonstrated the ease with which hackers can access and over-ride ship critical systems.
With the permission and under the supervision of system manufacturers and owners, Naval Dome’s cyber engineering team hacked into live, in-operation systems used to control a ship’s navigation, radar, engines, pumps and machinery.
While the test ships and their systems were not in any danger, Naval Dome was able to shift the vessel’s reported position and mislead the radar display. Another attack resulted in machinery being disabled, signals to fuel and ballast pumps being over-ridden and steering gear controls manipulated.
Commenting on the first wave of penetration tests, on the ship’s Electronic Chart Display and Information System (ECDIS), Asaf Shefi, Naval Dome's CTO and the former Head of the Israeli Naval C4I and Cyber Defense Unit, said: “We succeeded in penetrating the system simply by sending an email to the Captain's computer.
“We designed the attack to alter the vessel’s position at a critical point during an intended voyage - during night-time passage through a narrow canal. During the attack, the system's display looked normal, but it was deceiving the Officer of the Watch. The actual situation was completely different to the one on screen. If the vessel had been operational, it would have almost certainly run aground.”
According to Shefi, the Naval Dome hack was able to alter draft/water depth details in line with the spurious position data displayed on screen.
“The vessel's crucial parameters - position, heading, depth and speed - were manipulated in a way that the navigation picture made sense and did not arouse suspicion,” he said. “This type of attack can easily penetrate the antivirus and firewalls typically used in the maritime sector.”
Shefi said: “The Captain's computer is regularly connected to the internet through a satellite link, which is used for chart updates and for general logistic updates. Our attacking file was transferred to the ECDIS in the first chart update. The penetration route was not too complicated: the attacking file identified the Disk-On-Key used for the update and installed itself. So once the officer had updated the ECDIS, our attack file immediately installed itself on to the system.”
One reason it’s so easy to hijack the satellite communications of a ship and take admin rights on the on-board terminal is that many terminals are available on the public Internet and have default credentials “admin/1234” or “admin/12345,” which are obviously quite common and easy to guess, Munro said.
The PTP team also managed to hack a ship’s satcom terminal hardware, which had admin interfaces over telnet and HTTP and, upon closer inspection, unsigned firmware, he said.
Moreover, the team also could edit the entire web application running on the terminal, something that also can be leveraged in attacks. Hackers with a bit of access also could elevate their privileges by installing an older, more vulnerable version of the firmware because there was no rollback protection for it, Munro said.
Once the satcom terminal was hacked, researchers found it’s often quite easy to get directly onto the ship’s own network, which is where some of the real harm can be done and the danger lies for those on board.
“We often find a lack of network segregation on the vessel,” Munro said. “Hack the satcom terminal and you’re on the vessel network.”
Once on the ship network, researchers demonstrated two methods for sending a ship the wrong way: one by hacking its ECDIS, the electronic chart system ships use to navigate, and the other by exploiting the serial networks on board that control the Operational Technology (OT).
...
In the more than 20 different ECDIS units the PTP team tested, they found “all sorts of crazy security flaws,” including the running of ancient operating systems like Windows NT, he said.
A poorly protected configuration interface on one system even allowed the team to “jump” the boat from one side of Dover Harbor to the other by spoofing the position of the GPS receiver on the ship, basically telling the ECDIS that the GPS receiver is in a different position on the ship, Munro said.
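The unsigned firmware and missing rollback protection on the satcom terminal described above are, from the defender's side, two checks an update path must make before it flashes anything. The following is an added example and not code from Naval Dome, Pen Test Partners or any terminal vendor; the image layout, the device key and the use of HMAC-SHA256 as a stand-in for the asymmetric signature a real bootloader would verify are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption, not any vendor's real format):
#   4-byte magic | 4-byte big-endian version | payload | 32-byte HMAC-SHA256 tag
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sI")
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed device key. HMAC stands in for the asymmetric signature a real
# bootloader would verify against a vendor public key fixed in the device.
DEVICE_KEY = b"constructed-example-key-not-a-real-secret"


def build_signed_image(version: int, payload: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Vendor side: produce an authenticated image carrying the given version."""
    body = HEADER.pack(MAGIC, version) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def build_unsigned_image(version: int, payload: bytes) -> bytes:
    """An image with no tag at all, which an unprotected update path would accept."""
    return HEADER.pack(MAGIC, version) + payload


class Terminal:
    """Device side: the update gate. Accepts only authentic, non-downgrading images."""

    def __init__(self, installed_version: int, key: bytes = DEVICE_KEY):
        self.installed_version = installed_version
        self._key = key

    def check_update(self, image: bytes) -> str:
        """Return 'ok' or the reason the image is rejected."""
        if len(image) < HEADER.size + TAG_LEN:
            return "rejected: too short to carry a signature"
        body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison; a missing, forged or tampered tag fails here,
        # and the tag covers the version field, so it cannot be edited either.
        if not hmac.compare_digest(tag, expected):
            return "rejected: signature check failed"
        magic, version = HEADER.unpack_from(body)
        if magic != MAGIC:
            return "rejected: not a firmware image"
        # Anti-rollback: a validly signed but older release is still refused,
        # so a known-vulnerable version cannot be reintroduced. Reinstalling
        # the currently running version is allowed.
        if version < self.installed_version:
            return f"rejected: rollback from {self.installed_version} to {version}"
        return "ok"

    def apply_update(self, image: bytes) -> str:
        """Install the image only if every check passes; report the verdict."""
        verdict = self.check_update(image)
        if verdict == "ok":
            self.installed_version = HEADER.unpack_from(image)[1]
        return verdict


def demo() -> dict:
    """Run the gate against constructed images and collect each verdict."""
    terminal = Terminal(installed_version=3)
    results = {}
    # 1. Unsigned image: the bytes where a tag should be are just payload.
    results["unsigned"] = terminal.apply_update(build_unsigned_image(4, b"n" * 64))
    # 2. Signed image with one payload byte flipped after signing.
    good_v4 = build_signed_image(4, b"patched code " * 4)
    tampered = bytearray(good_v4)
    tampered[HEADER.size] ^= 0x01
    results["tampered"] = terminal.apply_update(bytes(tampered))
    # 3. The genuine version 4 image installs.
    results["upgrade"] = terminal.apply_update(good_v4)
    # 4. A genuinely signed version 2 image is refused as a downgrade.
    results["downgrade"] = terminal.apply_update(build_signed_image(2, b"old code " * 4))
    results["version"] = terminal.installed_version
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} {verdict}")
```

The two checks are independent on purpose: signature verification alone would still have let the PTP team reinstall the older, validly signed firmware, and a version check alone would accept any image that claims a high enough number. Both have to pass before the version counter moves.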
That makes a lot of sense, I wouldn't be surprised if it happened with how weak the security (if there at all) is on those ships.
Woman driving is enough conspiracy for me.
Why are people calling the ship "Ever Given"? It says "Evergreen" on the side of it.
Company=Evergreen Ship=Ever Given
Ah ha! Thanks fren.
https://www.egypttoday.com/Article/1/100101/Egyptian-female-sea-captain-negates-commanding-stranded-cargo-ship-in
Thanks for taking the time to post that.
That's the phrase of the century.
You can only define if it was hacked if we could see a topology defining how the internal systems work and communicate with each other and how an outsider might go about accessing those systems. Till we see that info the most likely answer is no.
Given the size of the ship and the notes about old tech there's a better chance it wasn't hacked based on the old systems. You may say to yourself Win NT is old and out of date so it's easy to break into. But you're forgetting that it would take extra effort to hack that system due to it being out of date. Libraries or old code bases required to build code on those systems would be harder to get. It would be similar to trying to hack an AS400. It's doable, but it's too much of a niche system to focus on it. You would be better focusing on something current like the parent company's corporate network, not the ship.
Who exactly from the MSM says that hacking is difficult?